mirror of
https://github.com/quexten/goldwarden.git
synced 2024-11-30 12:32:57 +03:00
Merge pull request #130 from SuperSandro2000/lints-agents
Fix whole bunch of lints
This commit is contained in:
commit
bc1a94ba71
@ -144,7 +144,14 @@ func handleGetConfigEnvironment(request messages.IPCMessage, cfg *config.Config,
|
||||
|
||||
func handleSetClientID(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (response messages.IPCMessage, err error) {
|
||||
clientID := messages.ParsePayload(request).(messages.SetClientIDRequest).Value
|
||||
cfg.SetClientID(clientID)
|
||||
err = cfg.SetClientID(clientID)
|
||||
if err != nil {
|
||||
return messages.IPCMessageFromPayload(messages.ActionResponse{
|
||||
Success: false,
|
||||
Message: err.Error(),
|
||||
})
|
||||
}
|
||||
|
||||
err = cfg.WriteConfig()
|
||||
if err != nil {
|
||||
return messages.IPCMessageFromPayload(messages.ActionResponse{
|
||||
@ -160,7 +167,14 @@ func handleSetClientID(request messages.IPCMessage, cfg *config.Config, vault *v
|
||||
|
||||
func handleSetClientSecret(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (response messages.IPCMessage, err error) {
|
||||
clientSecret := messages.ParsePayload(request).(messages.SetClientSecretRequest).Value
|
||||
cfg.SetClientSecret(clientSecret)
|
||||
err = cfg.SetClientSecret(clientSecret)
|
||||
if err != nil {
|
||||
return messages.IPCMessageFromPayload(messages.ActionResponse{
|
||||
Success: false,
|
||||
Message: err.Error(),
|
||||
})
|
||||
}
|
||||
|
||||
err = cfg.WriteConfig()
|
||||
if err != nil {
|
||||
return messages.IPCMessageFromPayload(messages.ActionResponse{
|
||||
|
@ -57,7 +57,7 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
|
||||
return
|
||||
}
|
||||
|
||||
cfg.SetToken(config.LoginToken{
|
||||
_ = cfg.SetToken(config.LoginToken{
|
||||
AccessToken: token.AccessToken,
|
||||
ExpiresIn: token.ExpiresIn,
|
||||
TokenType: token.TokenType,
|
||||
@ -88,7 +88,7 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
|
||||
if err != nil {
|
||||
defer func() {
|
||||
notify.Notify("Goldwarden", "Could not decrypt. Wrong password?", "", 10*time.Second, func() {})
|
||||
cfg.SetToken(config.LoginToken{})
|
||||
_ = cfg.SetToken(config.LoginToken{})
|
||||
vault.Clear()
|
||||
}()
|
||||
|
||||
@ -103,9 +103,9 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
|
||||
return
|
||||
}
|
||||
|
||||
cfg.SetUserSymmetricKey(vault.Keyring.GetAccountKey().Bytes())
|
||||
cfg.SetMasterPasswordHash([]byte(masterpasswordHash))
|
||||
cfg.SetMasterKey([]byte(masterKey.GetBytes()))
|
||||
err = cfg.SetUserSymmetricKey(vault.Keyring.GetAccountKey().Bytes())
|
||||
err = cfg.SetMasterPasswordHash([]byte(masterpasswordHash))
|
||||
err = cfg.SetMasterKey([]byte(masterKey.GetBytes()))
|
||||
var protectedUserSymetricKey crypto.SymmetricEncryptionKey
|
||||
if vault.Keyring.IsMemguard {
|
||||
protectedUserSymetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(vault.Keyring.GetAccountKey().Bytes())
|
||||
@ -115,7 +115,7 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
|
||||
if err != nil {
|
||||
defer func() {
|
||||
notify.Notify("Goldwarden", "Could not decrypt. Wrong password?", "", 10*time.Second, func() {})
|
||||
cfg.SetToken(config.LoginToken{})
|
||||
_ = cfg.SetToken(config.LoginToken{})
|
||||
vault.Clear()
|
||||
}()
|
||||
|
||||
|
@ -69,11 +69,7 @@ func handleGetLoginCipher(request messages.IPCMessage, cfg *config.Config, vault
|
||||
if !login.Login.Totp.IsNull() {
|
||||
decryptedTotp, err := crypto.DecryptWith(login.Login.Totp, cipherKey)
|
||||
if err == nil {
|
||||
if err == nil {
|
||||
decryptedLogin.TOTPSeed = string(decryptedTotp)
|
||||
} else {
|
||||
fmt.Println(err)
|
||||
}
|
||||
decryptedLogin.TOTPSeed = string(decryptedTotp)
|
||||
} else {
|
||||
fmt.Println(string(decryptedTotp))
|
||||
}
|
||||
@ -117,11 +113,7 @@ func handleListLoginsRequest(request messages.IPCMessage, cfg *config.Config, va
|
||||
continue
|
||||
}
|
||||
|
||||
var decryptedName []byte = []byte{}
|
||||
var decryptedUsername []byte = []byte{}
|
||||
var decryptedPassword []byte = []byte{}
|
||||
var decryptedTotp []byte = []byte{}
|
||||
var decryptedURL []byte = []byte{}
|
||||
var decryptedName, decryptedUsername, decryptedPassword, decryptedTotp, decryptedURL []byte
|
||||
|
||||
if !login.Name.IsNull() {
|
||||
decryptedName, err = crypto.DecryptWith(login.Name, key)
|
||||
|
@ -146,7 +146,10 @@ func handleLockVault(request messages.IPCMessage, cfg *config.Config, vault *vau
|
||||
|
||||
func handleWipeVault(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, callingContext *sockets.CallingContext) (response messages.IPCMessage, err error) {
|
||||
cfg.Purge()
|
||||
cfg.WriteConfig()
|
||||
err = cfg.WriteConfig()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
vault.Clear()
|
||||
|
||||
response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
|
||||
|
@ -208,7 +208,15 @@ func LoginWithDevice(ctx context.Context, email string, cfg *config.Config, vaul
|
||||
}
|
||||
if authRequestData.RequestApproved {
|
||||
masterKey, err := crypto.DecryptWithAsymmetric([]byte(authRequestData.Key), publicKey)
|
||||
if err != nil {
|
||||
return LoginResponseToken{}, crypto.MasterKey{}, "", fmt.Errorf("could not decrypt key with asymmetric key: %s", err.Error())
|
||||
}
|
||||
|
||||
masterPasswordHash, err := crypto.DecryptWithAsymmetric([]byte(authRequestData.MasterPasswordHash), publicKey)
|
||||
if err != nil {
|
||||
return LoginResponseToken{}, crypto.MasterKey{}, "", fmt.Errorf("could not decrypt master password hash with asymmetric key: %s", err.Error())
|
||||
}
|
||||
|
||||
values := urlValues(
|
||||
"grant_type", "password",
|
||||
"username", email,
|
||||
@ -233,7 +241,7 @@ func LoginWithDevice(ctx context.Context, email string, cfg *config.Config, vaul
|
||||
return LoginResponseToken{}, crypto.MasterKey{}, "", fmt.Errorf("captcha required, please login via the web interface")
|
||||
|
||||
} else if err != nil {
|
||||
return LoginResponseToken{}, crypto.MasterKey{}, "", fmt.Errorf("could not login via password: %v", err)
|
||||
return LoginResponseToken{}, crypto.MasterKey{}, "", fmt.Errorf("could not login via password: %s", err.Error())
|
||||
}
|
||||
return loginResponseToken, crypto.MasterKeyFromBytes(masterKey), string(masterPasswordHash), nil
|
||||
}
|
||||
@ -282,13 +290,17 @@ func RefreshToken(ctx context.Context, cfg *config.Config) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
cfg.SetToken(config.LoginToken{
|
||||
err = cfg.SetToken(config.LoginToken{
|
||||
AccessToken: loginResponseToken.AccessToken,
|
||||
RefreshToken: "",
|
||||
Key: loginResponseToken.Key,
|
||||
TokenType: loginResponseToken.TokenType,
|
||||
ExpiresIn: loginResponseToken.ExpiresIn,
|
||||
})
|
||||
if err != nil {
|
||||
authLog.Error("Could not set token: %s", err.Error())
|
||||
return false
|
||||
}
|
||||
} else {
|
||||
authLog.Info("No api credentials set")
|
||||
}
|
||||
@ -306,13 +318,17 @@ func RefreshToken(ctx context.Context, cfg *config.Config) bool {
|
||||
notify.Notify("Goldwarden", fmt.Sprintf("Could not refresh token: %v", err), "", 0, func() {})
|
||||
return false
|
||||
}
|
||||
cfg.SetToken(config.LoginToken{
|
||||
err = cfg.SetToken(config.LoginToken{
|
||||
AccessToken: loginResponseToken.AccessToken,
|
||||
RefreshToken: loginResponseToken.RefreshToken,
|
||||
Key: loginResponseToken.Key,
|
||||
TokenType: loginResponseToken.TokenType,
|
||||
ExpiresIn: loginResponseToken.ExpiresIn,
|
||||
})
|
||||
if err != nil {
|
||||
authLog.Error("Could not set token: %s", err.Error())
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
authLog.Info("Token refreshed")
|
||||
|
@ -123,6 +123,9 @@ func MemguardAssymmetricEncryptionKeyFromBytes(key []byte) (MemguardAsymmetricEn
|
||||
|
||||
func (key MemoryAsymmetricEncryptionKey) PublicBytes() []byte {
|
||||
privateKey, err := x509.ParsePKCS8PrivateKey(key.encKey)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
pub := (privateKey.(*rsa.PrivateKey)).Public()
|
||||
publicKeyBytes, err := x509.MarshalPKIXPublicKey(pub)
|
||||
if err != nil {
|
||||
@ -137,6 +140,9 @@ func (key MemguardAsymmetricEncryptionKey) PublicBytes() []byte {
|
||||
panic(err)
|
||||
}
|
||||
privateKey, err := x509.ParsePKCS8PrivateKey(buffer.Bytes())
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
pub := (privateKey.(*rsa.PrivateKey)).Public()
|
||||
publicKeyBytes, err := x509.MarshalPKIXPublicKey(pub)
|
||||
if err != nil {
|
||||
|
@ -90,9 +90,15 @@ func stretchKey(masterKey MasterKey, useMemguard bool) (SymmetricEncryptionKey,
|
||||
|
||||
var r io.Reader
|
||||
r = hkdf.Expand(sha256.New, buffer.Data(), []byte("enc"))
|
||||
r.Read(key)
|
||||
_, err = r.Read(key)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
r = hkdf.Expand(sha256.New, buffer.Data(), []byte("mac"))
|
||||
r.Read(macKey)
|
||||
_, err = r.Read(macKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if useMemguard {
|
||||
return MemguardSymmetricEncryptionKey{memguard.NewEnclave(key), memguard.NewEnclave(macKey)}, nil
|
||||
|
@ -71,7 +71,10 @@ func CreateSend(ctx context.Context, cfg *config.Config, vault *vault.Vault, nam
|
||||
}
|
||||
|
||||
sendUseKeyPairBytes := make([]byte, 64)
|
||||
hkdf.New(sha256.New, sendSourceKey, []byte("bitwarden-send"), []byte("send")).Read(sendUseKeyPairBytes)
|
||||
_, err = hkdf.New(sha256.New, sendSourceKey, []byte("bitwarden-send"), []byte("send")).Read(sendUseKeyPairBytes)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
sendUseKeyPair, err := crypto.MemorySymmetricEncryptionKeyFromBytes(sendUseKeyPairBytes)
|
||||
if err != nil {
|
||||
|
@ -25,7 +25,11 @@ func Sync(ctx context.Context, config *config.Config) (models.SyncData, error) {
|
||||
}
|
||||
|
||||
home, _ := os.UserHomeDir()
|
||||
WriteVault(sync, home+path)
|
||||
err := WriteVault(sync, home+path)
|
||||
if err != nil {
|
||||
return sync, err
|
||||
}
|
||||
|
||||
return sync, nil
|
||||
}
|
||||
|
||||
@ -55,7 +59,10 @@ func DoFullSync(ctx context.Context, vault *vault.Vault, config *config.Config,
|
||||
}
|
||||
if userSymmetricKey != nil {
|
||||
log.Info("Initializing keyring from user symmetric key...")
|
||||
crypto.InitKeyringFromUserSymmetricKey(vault.Keyring, *userSymmetricKey, sync.Profile.PrivateKey, orgKeys)
|
||||
err = crypto.InitKeyringFromUserSymmetricKey(vault.Keyring, *userSymmetricKey, sync.Profile.PrivateKey, orgKeys)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
log.Info("Clearing vault...")
|
||||
|
@ -88,7 +88,10 @@ func connectToWebsocket(ctx context.Context, vault *vault.Vault, cfg *config.Con
|
||||
|
||||
done := make(chan struct{})
|
||||
//handshake required for official bitwarden implementation
|
||||
c.WriteMessage(1, []byte(`{"protocol":"messagepack","version":1}`))
|
||||
err = c.WriteMessage(1, []byte(`{"protocol":"messagepack","version":1}`))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
go func() {
|
||||
for {
|
||||
@ -123,12 +126,14 @@ func connectToWebsocket(ctx context.Context, vault *vault.Vault, cfg *config.Con
|
||||
websocketLog.Error("Error getting token %s", err)
|
||||
break
|
||||
}
|
||||
DoFullSync(context.WithValue(ctx, AuthToken{}, token.AccessToken), vault, cfg, nil, false)
|
||||
break
|
||||
err = DoFullSync(context.WithValue(ctx, AuthToken{}, token.AccessToken), vault, cfg, nil, false)
|
||||
if err != nil {
|
||||
log.Error("could not perform full sync: %s", err.Error())
|
||||
return
|
||||
}
|
||||
case SyncCipherDelete:
|
||||
websocketLog.Warn("Delete requested for cipher " + cipherid)
|
||||
vault.DeleteCipher(cipherid)
|
||||
break
|
||||
case SyncCipherUpdate:
|
||||
websocketLog.Warn("Update requested for cipher " + cipherid)
|
||||
token, err := cfg.GetToken()
|
||||
@ -154,8 +159,6 @@ func connectToWebsocket(ctx context.Context, vault *vault.Vault, cfg *config.Con
|
||||
vault.AddOrUpdateLogin(cipher)
|
||||
}
|
||||
vault.SetLastSynced(time.Now().Unix())
|
||||
|
||||
break
|
||||
case SyncCipherCreate:
|
||||
websocketLog.Warn("Create requested for cipher " + cipherid)
|
||||
token, err := cfg.GetToken()
|
||||
@ -176,11 +179,8 @@ func connectToWebsocket(ctx context.Context, vault *vault.Vault, cfg *config.Con
|
||||
vault.AddOrUpdateLogin(cipher)
|
||||
}
|
||||
vault.SetLastSynced(time.Now().Unix())
|
||||
|
||||
break
|
||||
case SyncSendCreate, SyncSendUpdate, SyncSendDelete:
|
||||
websocketLog.Warn("SyncSend requested: sends are not supported")
|
||||
break
|
||||
case LogOut:
|
||||
websocketLog.Info("LogOut received. Wiping vault and exiting...")
|
||||
if vault.Keyring.IsMemguard {
|
||||
@ -213,17 +213,12 @@ func connectToWebsocket(ctx context.Context, vault *vault.Vault, cfg *config.Con
|
||||
websocketLog.Error("Error creating auth response %s", err)
|
||||
}
|
||||
})
|
||||
|
||||
break
|
||||
case AuthRequestResponse:
|
||||
websocketLog.Info("AuthRequestResponse received")
|
||||
break
|
||||
case SyncFolderDelete, SyncFolderCreate, SyncFolderUpdate:
|
||||
websocketLog.Warn("SyncFolder requested: folders are not supported")
|
||||
break
|
||||
case SyncOrgKeys, SyncSettings:
|
||||
websocketLog.Warn("SyncOrgKeys requested: orgs / settings are not supported")
|
||||
break
|
||||
default:
|
||||
websocketLog.Warn("Unknown message type received %d", mt1)
|
||||
}
|
||||
|
@ -7,6 +7,7 @@ import (
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"runtime/debug"
|
||||
"strings"
|
||||
@ -19,6 +20,7 @@ import (
|
||||
"github.com/quexten/goldwarden/agent/pincache"
|
||||
"github.com/quexten/goldwarden/agent/systemauth/pinentry"
|
||||
"github.com/quexten/goldwarden/agent/vault"
|
||||
"github.com/quexten/goldwarden/logging"
|
||||
"github.com/tink-crypto/tink-go/v2/aead/subtle"
|
||||
"golang.org/x/crypto/argon2"
|
||||
"golang.org/x/crypto/sha3"
|
||||
@ -78,6 +80,8 @@ type Config struct {
|
||||
mu sync.Mutex
|
||||
}
|
||||
|
||||
var log = logging.GetLogger("Goldwarden", "Config")
|
||||
|
||||
func DefaultConfig(useMemguard bool) Config {
|
||||
deviceUUID, _ := uuid.NewUUID()
|
||||
keyBuffer := NewBuffer(32, useMemguard)
|
||||
@ -188,37 +192,65 @@ func (c *Config) UpdatePin(password string, write bool) {
|
||||
c.ConfigFile.ConfigKeyHash = configKeyHash
|
||||
|
||||
plaintextToken, err1 := c.decryptString(c.ConfigFile.EncryptedToken)
|
||||
plaintextUserSymmetricKey, err3 := c.decryptString(c.ConfigFile.EncryptedUserSymmetricKey)
|
||||
plaintextEncryptedMasterPasswordHash, err4 := c.decryptString(c.ConfigFile.EncryptedMasterPasswordHash)
|
||||
plaintextMasterKey, err5 := c.decryptString(c.ConfigFile.EncryptedMasterKey)
|
||||
plaintextClientID, err6 := c.decryptString(c.ConfigFile.EncryptedClientID)
|
||||
plaintextClientSecret, err7 := c.decryptString(c.ConfigFile.EncryptedClientSecret)
|
||||
plaintextUserSymmetricKey, err2 := c.decryptString(c.ConfigFile.EncryptedUserSymmetricKey)
|
||||
plaintextEncryptedMasterPasswordHash, err3 := c.decryptString(c.ConfigFile.EncryptedMasterPasswordHash)
|
||||
plaintextMasterKey, err4 := c.decryptString(c.ConfigFile.EncryptedMasterKey)
|
||||
plaintextClientID, err5 := c.decryptString(c.ConfigFile.EncryptedClientID)
|
||||
plaintextClientSecret, err6 := c.decryptString(c.ConfigFile.EncryptedClientSecret)
|
||||
|
||||
key := NewBufferFromBytes(newKey, c.useMemguard)
|
||||
c.key = &key
|
||||
|
||||
if err1 == nil {
|
||||
c.ConfigFile.EncryptedToken, err1 = c.encryptString(plaintextToken)
|
||||
if err1 != nil {
|
||||
log.Error("could not encrypt token: %s", err1.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
if err2 == nil {
|
||||
c.ConfigFile.EncryptedUserSymmetricKey, err2 = c.encryptString(plaintextUserSymmetricKey)
|
||||
if err2 != nil {
|
||||
log.Error("could not encrypt user symmetric key: %s", err2.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
if err3 == nil {
|
||||
c.ConfigFile.EncryptedUserSymmetricKey, err3 = c.encryptString(plaintextUserSymmetricKey)
|
||||
c.ConfigFile.EncryptedMasterPasswordHash, err3 = c.encryptString(plaintextEncryptedMasterPasswordHash)
|
||||
if err3 != nil {
|
||||
log.Error("could not encrypt master password hash: %s", err3.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
if err4 == nil {
|
||||
c.ConfigFile.EncryptedMasterPasswordHash, err4 = c.encryptString(plaintextEncryptedMasterPasswordHash)
|
||||
c.ConfigFile.EncryptedMasterKey, err4 = c.encryptString(plaintextMasterKey)
|
||||
if err4 != nil {
|
||||
log.Error("could not encrypt master key: %s", err4.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
if err5 == nil {
|
||||
c.ConfigFile.EncryptedMasterKey, err5 = c.encryptString(plaintextMasterKey)
|
||||
c.ConfigFile.EncryptedClientID, err5 = c.encryptString(plaintextClientID)
|
||||
if err5 != nil {
|
||||
log.Error("could not encrypt client id: %s", err5.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
if err6 == nil {
|
||||
c.ConfigFile.EncryptedClientID, err6 = c.encryptString(plaintextClientID)
|
||||
}
|
||||
if err7 == nil {
|
||||
c.ConfigFile.EncryptedClientSecret, err7 = c.encryptString(plaintextClientSecret)
|
||||
c.ConfigFile.EncryptedClientSecret, err6 = c.encryptString(plaintextClientSecret)
|
||||
if err6 != nil {
|
||||
log.Error("could not encrypt client secret: %s", err6.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
c.mu.Unlock()
|
||||
|
||||
if write {
|
||||
c.WriteConfig()
|
||||
err := c.WriteConfig()
|
||||
if err != nil {
|
||||
log.Error("could not write config: %s", err.Error())
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
pincache.SetPin(c.useMemguard, []byte(password))
|
||||
@ -247,6 +279,9 @@ func (c *Config) SetToken(token LoginToken) error {
|
||||
}
|
||||
|
||||
tokenJson, err := json.Marshal(token)
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not marshall json: %s", err.Error())
|
||||
}
|
||||
encryptedToken, err := c.encryptString(string(tokenJson))
|
||||
if err != nil {
|
||||
return err
|
||||
@ -254,8 +289,7 @@ func (c *Config) SetToken(token LoginToken) error {
|
||||
// c.mu.Lock()
|
||||
c.ConfigFile.EncryptedToken = encryptedToken
|
||||
// c.mu.Unlock()
|
||||
c.WriteConfig()
|
||||
return nil
|
||||
return c.WriteConfig()
|
||||
}
|
||||
|
||||
func (c *Config) GetClientID() (string, error) {
|
||||
@ -281,8 +315,7 @@ func (c *Config) SetClientID(clientID string) error {
|
||||
|
||||
if clientID == "" {
|
||||
c.ConfigFile.EncryptedClientID = ""
|
||||
c.WriteConfig()
|
||||
return nil
|
||||
return c.WriteConfig()
|
||||
}
|
||||
|
||||
encryptedClientID, err := c.encryptString(clientID)
|
||||
@ -292,8 +325,7 @@ func (c *Config) SetClientID(clientID string) error {
|
||||
// c.mu.Lock()
|
||||
c.ConfigFile.EncryptedClientID = encryptedClientID
|
||||
// c.mu.Unlock()
|
||||
c.WriteConfig()
|
||||
return nil
|
||||
return c.WriteConfig()
|
||||
}
|
||||
|
||||
func (c *Config) GetClientSecret() (string, error) {
|
||||
@ -319,8 +351,7 @@ func (c *Config) SetClientSecret(clientSecret string) error {
|
||||
|
||||
if clientSecret == "" {
|
||||
c.ConfigFile.EncryptedClientSecret = ""
|
||||
c.WriteConfig()
|
||||
return nil
|
||||
return c.WriteConfig()
|
||||
}
|
||||
|
||||
encryptedClientSecret, err := c.encryptString(clientSecret)
|
||||
@ -330,8 +361,7 @@ func (c *Config) SetClientSecret(clientSecret string) error {
|
||||
// c.mu.Lock()
|
||||
c.ConfigFile.EncryptedClientSecret = encryptedClientSecret
|
||||
// c.mu.Unlock()
|
||||
c.WriteConfig()
|
||||
return nil
|
||||
return c.WriteConfig()
|
||||
}
|
||||
|
||||
func (c *Config) GetUserSymmetricKey() ([]byte, error) {
|
||||
@ -356,8 +386,7 @@ func (c *Config) SetUserSymmetricKey(key []byte) error {
|
||||
// c.mu.Lock()
|
||||
c.ConfigFile.EncryptedUserSymmetricKey = encryptedKey
|
||||
// c.mu.Unlock()
|
||||
c.WriteConfig()
|
||||
return nil
|
||||
return c.WriteConfig()
|
||||
}
|
||||
|
||||
func (c *Config) GetMasterPasswordHash() ([]byte, error) {
|
||||
@ -372,7 +401,6 @@ func (c *Config) GetMasterPasswordHash() ([]byte, error) {
|
||||
}
|
||||
|
||||
func (c *Config) SetMasterPasswordHash(hash []byte) error {
|
||||
|
||||
if c.IsLocked() {
|
||||
return errors.New("config is locked")
|
||||
}
|
||||
@ -386,8 +414,7 @@ func (c *Config) SetMasterPasswordHash(hash []byte) error {
|
||||
c.ConfigFile.EncryptedMasterPasswordHash = encryptedHash
|
||||
// c.mu.Unlock()
|
||||
|
||||
c.WriteConfig()
|
||||
return nil
|
||||
return c.WriteConfig()
|
||||
}
|
||||
|
||||
func (c *Config) GetMasterKey() ([]byte, error) {
|
||||
@ -412,8 +439,7 @@ func (c *Config) SetMasterKey(key []byte) error {
|
||||
// c.mu.Lock()
|
||||
c.ConfigFile.EncryptedMasterKey = encryptedKey
|
||||
// c.mu.Unlock()
|
||||
c.WriteConfig()
|
||||
return nil
|
||||
return c.WriteConfig()
|
||||
}
|
||||
|
||||
func (c *Config) encryptString(data string) (string, error) {
|
||||
@ -499,9 +525,11 @@ func ReadConfig(rtCfg RuntimeConfig) (Config, error) {
|
||||
if _, err := os.Stat(oldPath); err == nil {
|
||||
if _, err := os.Stat(newPath); err != nil {
|
||||
if _, err := os.Stat(newPathParent); os.IsNotExist(err) {
|
||||
os.Mkdir(newPathParent, 0700)
|
||||
err = os.Mkdir(newPathParent, 0700)
|
||||
return Config{}, err
|
||||
}
|
||||
os.Rename(oldPath, newPath)
|
||||
err = os.Rename(oldPath, newPath)
|
||||
return Config{}, err
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -6,15 +6,18 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/godbus/dbus/v5"
|
||||
"github.com/quexten/goldwarden/logging"
|
||||
)
|
||||
|
||||
var closeListenerMap = make(map[uint32]func())
|
||||
var notificationID uint32 = 1000000
|
||||
var log = logging.GetLogger("Goldwarden", "Dbus")
|
||||
|
||||
func Notify(title string, body string, actionName string, timeout time.Duration, onclose func()) error {
|
||||
func Notify(title string, body string, actionName string, timeout time.Duration, onclose func()) {
|
||||
bus, err := dbus.SessionBus()
|
||||
if err != nil {
|
||||
return err
|
||||
log.Error("could not get a dbus session: %s", err.Error())
|
||||
return
|
||||
}
|
||||
obj := bus.Object("org.freedesktop.Notifications", "/org/freedesktop/Notifications")
|
||||
actions := []string{}
|
||||
@ -26,16 +29,17 @@ func Notify(title string, body string, actionName string, timeout time.Duration,
|
||||
|
||||
call := obj.Call("org.freedesktop.Notifications.Notify", 0, "goldwarden", uint32(notificationID), "", title, body, actions, map[string]dbus.Variant{}, int32(60000))
|
||||
if call.Err != nil {
|
||||
return call.Err
|
||||
log.Error("could not call dbus object: %s", call.Err.Error())
|
||||
return
|
||||
}
|
||||
if len(call.Body) < 1 {
|
||||
return nil
|
||||
return
|
||||
}
|
||||
id := call.Body[0].(uint32)
|
||||
closeListenerMap[id] = onclose
|
||||
|
||||
if timeout == 0 {
|
||||
return nil
|
||||
return
|
||||
} else {
|
||||
go func(id uint32) {
|
||||
time.Sleep(timeout)
|
||||
@ -45,8 +49,6 @@ func Notify(title string, body string, actionName string, timeout time.Duration,
|
||||
}
|
||||
}(id)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func ListenForNotifications() error {
|
||||
@ -62,26 +64,22 @@ func ListenForNotifications() error {
|
||||
signals := make(chan *dbus.Signal, 10)
|
||||
bus.Signal(signals)
|
||||
for {
|
||||
select {
|
||||
case message := <-signals:
|
||||
if message.Name == "org.freedesktop.Notifications.NotificationClosed" {
|
||||
if len(message.Body) < 1 {
|
||||
continue
|
||||
}
|
||||
id, ok := message.Body[0].(uint32)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
if id == 0 {
|
||||
continue
|
||||
}
|
||||
if closeListener, ok := closeListenerMap[id]; ok {
|
||||
delete(closeListenerMap, id)
|
||||
closeListener()
|
||||
}
|
||||
message := <-signals
|
||||
if message.Name == "org.freedesktop.Notifications.NotificationClosed" {
|
||||
if len(message.Body) < 1 {
|
||||
continue
|
||||
}
|
||||
id, ok := message.Body[0].(uint32)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
if id == 0 {
|
||||
continue
|
||||
}
|
||||
if closeListener, ok := closeListenerMap[id]; ok {
|
||||
delete(closeListenerMap, id)
|
||||
closeListener()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
@ -37,30 +37,26 @@ func MonitorLocks(onlock func()) error {
|
||||
signals := make(chan *dbus.Signal, 10)
|
||||
bus.Signal(signals)
|
||||
for {
|
||||
select {
|
||||
case message := <-signals:
|
||||
if message.Name == "org.gnome.ScreenSaver.ActiveChanged" {
|
||||
if len(message.Body) == 0 {
|
||||
continue
|
||||
}
|
||||
locked, err := message.Body[0].(bool)
|
||||
if err || locked {
|
||||
onlock()
|
||||
}
|
||||
message := <-signals
|
||||
if message.Name == "org.gnome.ScreenSaver.ActiveChanged" {
|
||||
if len(message.Body) == 0 {
|
||||
continue
|
||||
}
|
||||
if message.Name == "org.freedesktop.ScreenSaver.ActiveChanged" {
|
||||
if len(message.Body) == 0 {
|
||||
continue
|
||||
}
|
||||
locked, err := message.Body[0].(bool)
|
||||
if err || locked {
|
||||
onlock()
|
||||
}
|
||||
locked, err := message.Body[0].(bool)
|
||||
if err || locked {
|
||||
onlock()
|
||||
}
|
||||
}
|
||||
if message.Name == "org.freedesktop.ScreenSaver.ActiveChanged" {
|
||||
if len(message.Body) == 0 {
|
||||
continue
|
||||
}
|
||||
locked, err := message.Body[0].(bool)
|
||||
if err || locked {
|
||||
onlock()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func MonitorIdle(onidle func()) error {
|
||||
@ -88,6 +84,4 @@ func MonitorIdle(onidle func()) error {
|
||||
|
||||
time.Sleep(1 * time.Second)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
@ -31,20 +31,20 @@ const (
|
||||
|
||||
var log = logging.GetLogger("Goldwarden", "Agent")
|
||||
|
||||
func writeError(c net.Conn, errMsg error) error {
|
||||
func writeError(c net.Conn, errMsg error) {
|
||||
payload := messages.ActionResponse{
|
||||
Success: false,
|
||||
Message: errMsg.Error(),
|
||||
}
|
||||
payloadBytes, err := json.Marshal(payload)
|
||||
if err != nil {
|
||||
return err
|
||||
log.Warn("Could not json marshall: %s", err.Error())
|
||||
return
|
||||
}
|
||||
_, err = c.Write(payloadBytes)
|
||||
if err != nil {
|
||||
return err
|
||||
log.Warn("Could not write payload: %s", err.Error())
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func serveAgentSession(c net.Conn, vault *vault.Vault, cfg *config.Config) {
|
||||
@ -145,9 +145,9 @@ func serveAgentSession(c net.Conn, vault *vault.Vault, cfg *config.Config) {
|
||||
},
|
||||
}
|
||||
|
||||
pinnentrySetError := pinentry.SetExternalPinentry(pe)
|
||||
pinentrySetError := pinentry.SetExternalPinentry(pe)
|
||||
payload := messages.PinentryRegistrationResponse{
|
||||
Success: pinnentrySetError == nil,
|
||||
Success: pinentrySetError == nil,
|
||||
}
|
||||
log.Info("Pinentry registration success: %t", payload.Success)
|
||||
|
||||
@ -167,9 +167,12 @@ func serveAgentSession(c net.Conn, vault *vault.Vault, cfg *config.Config) {
|
||||
log.Error("Failed writing to socket " + err.Error())
|
||||
}
|
||||
_, err = c.Write([]byte("\n"))
|
||||
if err != nil {
|
||||
log.Error("Failed writing to socket " + err.Error())
|
||||
}
|
||||
time.Sleep(50 * time.Millisecond) //todo fix properly
|
||||
|
||||
if pinnentrySetError != nil {
|
||||
if pinentrySetError != nil {
|
||||
return
|
||||
}
|
||||
|
||||
@ -266,8 +269,6 @@ func serveAgentSession(c net.Conn, vault *vault.Vault, cfg *config.Config) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
continue
|
||||
}
|
||||
|
||||
var responseBytes []byte
|
||||
@ -322,7 +323,10 @@ func StartUnixAgent(path string, runtimeConfig config.RuntimeConfig) error {
|
||||
log.Warn("Could not read config: %s", err.Error())
|
||||
cfg = config.DefaultConfig(runtimeConfig.UseMemguard)
|
||||
cfg.ConfigFile.RuntimeConfig = runtimeConfig
|
||||
cfg.WriteConfig()
|
||||
err = cfg.WriteConfig()
|
||||
if err != nil {
|
||||
log.Warn("Could not write config: %s", err.Error())
|
||||
}
|
||||
}
|
||||
cfg.ConfigFile.RuntimeConfig = runtimeConfig
|
||||
if cfg.ConfigFile.RuntimeConfig.DeviceUUID != "" {
|
||||
@ -348,14 +352,17 @@ func StartUnixAgent(path string, runtimeConfig config.RuntimeConfig) error {
|
||||
time.Sleep(60 * time.Second)
|
||||
continue
|
||||
}
|
||||
var protectedUserSymetricKey crypto.SymmetricEncryptionKey
|
||||
var protectedUserSymmetricKey crypto.SymmetricEncryptionKey
|
||||
if vault.Keyring.IsMemguard {
|
||||
protectedUserSymetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(userSymmetricKey)
|
||||
protectedUserSymmetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(userSymmetricKey)
|
||||
} else {
|
||||
protectedUserSymetricKey, err = crypto.MemorySymmetricEncryptionKeyFromBytes(userSymmetricKey)
|
||||
protectedUserSymmetricKey, err = crypto.MemorySymmetricEncryptionKeyFromBytes(userSymmetricKey)
|
||||
}
|
||||
if err != nil {
|
||||
log.Error("could not get encryption key from bytes: %s", err.Error())
|
||||
}
|
||||
|
||||
err = bitwarden.DoFullSync(context.WithValue(ctx, bitwarden.AuthToken{}, token.AccessToken), vault, &cfg, &protectedUserSymetricKey, true)
|
||||
err = bitwarden.DoFullSync(context.WithValue(ctx, bitwarden.AuthToken{}, token.AccessToken), vault, &cfg, &protectedUserSymmetricKey, true)
|
||||
if err != nil {
|
||||
log.Error("Could not sync: %s", err.Error())
|
||||
notify.Notify("Goldwarden", "Could not perform initial sync", "", 0, func() {})
|
||||
@ -369,7 +376,11 @@ func StartUnixAgent(path string, runtimeConfig config.RuntimeConfig) error {
|
||||
}
|
||||
}
|
||||
|
||||
processsecurity.DisableDumpable()
|
||||
err = processsecurity.DisableDumpable()
|
||||
if err != nil {
|
||||
log.Warn("Could not disable dumpable: %s", err.Error())
|
||||
}
|
||||
|
||||
go func() {
|
||||
err = processsecurity.MonitorLocks(func() {
|
||||
cfg.Lock()
|
||||
@ -435,14 +446,17 @@ func StartUnixAgent(path string, runtimeConfig config.RuntimeConfig) error {
|
||||
if err != nil {
|
||||
log.Error("Could not get user symmetric key: %s", err.Error())
|
||||
}
|
||||
var protectedUserSymetricKey crypto.SymmetricEncryptionKey
|
||||
var protectedUserSymmetricKey crypto.SymmetricEncryptionKey
|
||||
if vault.Keyring.IsMemguard {
|
||||
protectedUserSymetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(userSymmetricKey)
|
||||
protectedUserSymmetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(userSymmetricKey)
|
||||
} else {
|
||||
protectedUserSymetricKey, err = crypto.MemorySymmetricEncryptionKeyFromBytes(userSymmetricKey)
|
||||
protectedUserSymmetricKey, err = crypto.MemorySymmetricEncryptionKeyFromBytes(userSymmetricKey)
|
||||
}
|
||||
if err != nil {
|
||||
log.Error("could not get encryption key from bytes: %s", err.Error())
|
||||
}
|
||||
|
||||
err = bitwarden.DoFullSync(context.WithValue(ctx, bitwarden.AuthToken{}, token.AccessToken), vault, &cfg, &protectedUserSymetricKey, true)
|
||||
err = bitwarden.DoFullSync(context.WithValue(ctx, bitwarden.AuthToken{}, token.AccessToken), vault, &cfg, &protectedUserSymmetricKey, true)
|
||||
if err != nil {
|
||||
log.Error("Could not sync: %s", err.Error())
|
||||
notify.Notify("Goldwarden", "Could not perform initial sync on ssh unlock", "", 0, func() {})
|
||||
@ -482,7 +496,11 @@ func StartUnixAgent(path string, runtimeConfig config.RuntimeConfig) error {
|
||||
continue
|
||||
}
|
||||
|
||||
bitwarden.DoFullSync(context.WithValue(ctx, bitwarden.AuthToken{}, token.AccessToken), vault, &cfg, nil, false)
|
||||
err = bitwarden.DoFullSync(context.WithValue(ctx, bitwarden.AuthToken{}, token.AccessToken), vault, &cfg, nil, false)
|
||||
if err != nil {
|
||||
log.Warn("Could not do full sync: %s", err.Error())
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
|
||||
}()
|
||||
|
Loading…
Reference in New Issue
Block a user